Win32:CTX not detected!

Status
Closed for further replies.
  • #1
zauberbarni

Hello,
I am running Windows 7 Ultimate (Build 7600) and yesterday I picked up the Win32:CTX virus. At least that is what I strongly suspect after a bit of research; the virus was not detected by Avira, nor by avast, nor by Kaspersky!!!


The following files were in the directory C:\Users\...\AppData\Local\Temp:

Ctw.exe
Ctx.exe
sshnas21.dll


Two new commands were enabled in Autostart:

Startup item: Canaveral
Command: rundll32.exe C:\Users\...\AppData\Local\Temp\sshnas21.dll,BackupReadW

Startup item: YVIBBBHA8C
Command: C:\Users\...\AppData\Local\Temp\Ctx.exe


At first IE kept opening on its own. New windows all the time, although they could be closed. I was able to delete sshnas21.dll, but Ctw.exe and Ctx.exe only in Safe Mode. The Autostart entries no longer re-enable themselves automatically either. Now I can open windows and programs, but after a while hardly any functions can be carried out any more. I was still able to run HijackThis, though.
By the way, I normally only have Avira running. I then disabled it, tried avast, then disabled avast and tried Kaspersky.

What can I do, is a reinstall the only option left?

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:39, on 23.4.10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ActiveSMART 2.8\ActiveSMART.exe
C:\Program Files\Opera10usb\OperaUSB.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User->NETZWERKDIENST')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra->Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ???-?,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Program Files\ActiveSMART 2.8\ASmartService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: dlcc_device - Unknown owner - C:\Windows\system32\dlcccoms.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v10\System\VC10SecS.exe

--
End of file - 7655 bytes
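The two Autostart entries described above are exactly the pattern a log reviewer looks for: a binary started from the user's Temp folder, and a DLL loaded through rundll32.exe from the same place under a random-looking name. As an added example (not part of the thread and not code from HijackThis or OTL), the following Python script parses O4 lines in the notation both tools print and flags entries that trip those heuristics. The sample lines are constructed: the first two reconstruct the poster's Autostart entries as O4 lines with a placeholder user folder, the rest are O4 lines from the logs in the thread; the `C:\Windows` system-root check assumes a default installation.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input (added example; not the poster's actual log lines).
# The first two lines reconstruct the two Autostart entries described in the
# post in HijackThis O4 notation, with a placeholder user folder; the rest are
# O4 lines taken from the HijackThis and OTL logs in the thread.
SAMPLE_O4_LINES = [
    r"O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\user\AppData\Local\Temp\sshnas21.dll,BackupReadW",
    r"O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\user\AppData\Local\Temp\Ctx.exe",
    r"O4 - HKLM\..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe /nogui",
    r"O4 - HKLM\..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->LOKALER DIENST')",
    r"O4 - HKLM..\Run: [NPSStartup] File not found",
]

# O4 - <hive path>: [<entry name>] <command line>  (HijackThis and OTL print the same shape)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First file reference in a command line: a quoted path, or an unquoted one up to a known extension.
PATH_RE = re.compile(r'(?i)"([^"]+)"|(\S.*?\.(?:exe|dll|com|scr|bat|cmd|pif))')
# Entry names like YVIBBBHA8C: eight or more upper-case letters/digits including at least one digit.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")
# Locations a persistent autostart binary has no business living in (heuristic, lower-cased).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%\\")
# Assumes a default installation; adjust if %SystemRoot% is elsewhere.
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Finding:
    name: str            # autostart entry name
    hive: str            # registry location as printed in the log
    target: str          # the file that actually runs (the DLL for rundll32 entries)
    export: str = ""     # exported function named after the comma in a rundll32 command
    reasons: List[str] = field(default_factory=list)


def first_path(text: str) -> str:
    """Return the first executable/DLL path in a command line, or '' if none."""
    m = PATH_RE.search(text)
    return (m.group(1) or m.group(2)).strip() if m else ""


def analyse_o4(line: str) -> Optional[Finding]:
    """Parse one O4 line and attach triage reasons; None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    host = first_path(cmd)
    finding = Finding(name=m.group("name"), hive=m.group("hive"), target=host)

    # rundll32.exe <dll>,<export>: the DLL, not rundll32 itself, is the code that runs.
    via_rundll32 = host.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32")
    if via_rundll32:
        rest = cmd[cmd.lower().find(host.lower()) + len(host):]
        finding.target = first_path(rest)
        if finding.target:
            tail = rest[rest.lower().find(finding.target.lower()) + len(finding.target):]
            parts = tail.strip().lstrip(",").split()
            finding.export = parts[0] if parts else ""

    low = finding.target.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        finding.reasons.append("runs from a Temp directory")
    if via_rundll32 and low and not low.startswith(SYSTEM_ROOT):
        finding.reasons.append("DLL loaded via rundll32.exe from outside %SystemRoot%")
    if RANDOM_NAME_RE.match(finding.name):
        finding.reasons.append("random-looking entry name")
    return finding


def triage(lines: List[str]) -> List[Finding]:
    """Keep only O4 entries that tripped at least one heuristic."""
    return [f for f in map(analyse_o4, lines) if f is not None and f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.name}] {f.target}" + (f",{f.export}" if f.export else ""))
        for r in f.reasons:
            print("   -", r)
```

Run against the constructed lines it reports only Canaveral and YVIBBBHA8C; the vendor entries for avast, Kaspersky and the Sidebar pass clean, as they should.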
 
  • #3
I ran both programs in Safe Mode.

What is the best way to post something like this? Already with the first file I get the message: post has reached the maximum length (20000 characters).

Here is part 1 of OTL.txt
Code:
OTL logfile created on: 24.4.10 12:52:54 - Run 1
OTL by OldTimer - Version 3.2.2.0   Folder = C:\Users\barni\Desktop
 Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,10 Gb Total Space | 8,72 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
Drive D: | 182,78 Gb Total Space | 14,84 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
Drive E: | 203,69 Gb Total Space | 32,12 Gb Free Space | 15,77% Space Free | Partition Type: FAT32
Drive F: | 30,01 Gb Total Space | 22,52 Gb Free Space | 75,06% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 465,75 Gb Total Space | 26,49 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive M: | 465,75 Gb Total Space | 2,87 Gb Free Space | 0,62% Space Free | Partition Type: NTFS
Drive N: | 465,75 Gb Total Space | 219,27 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive O: | 931,51 Gb Total Space | 137,83 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 4,39 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
 
Computer Name: BARNI-PC
Current User Name: barni
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\barni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\barni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (VC10SecS) -- C:\Programme\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ActiveSMART Service) -- C:\Programme\ActiveSMART 2.8\ASmartService.exe (Ariolic Software, Ltd. (http://www.ariolic.com))
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (dlcc_device) -- C:\Windows\System32\dlcccoms.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (VD_FileDisk) -- C:\Windows\System32\drivers\vd_filedisk.sys (Flint Incorporation)
DRV - (ECS_Loader_220) -- C:\Windows\System32\drivers\ECS_Loader_220.sys (WideView Technology Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (ROB_V) -- C:\Windows\System32\drivers\rob_v.sys (Pinnacle Systems GmbH)
DRV - (ROB_A) -- C:\Windows\System32\drivers\rob_a.sys (Pinnacle Systems GmbH)
 
  • #4
Part 2 of OTL.txt
Code:
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 0D F4 C2 29 E2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.14 09:38:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.27 18:24:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.23 07:56:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.27 18:24:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.04.23 07:55:21 | 000,000,000 | ---D | M]
 
[2010.04.23 07:56:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.23 07:56:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\[email protected]
[2010.02.27 18:36:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NPSStartup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (⫵佦ᘴ-퉨) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.03 18:04:02 | 000,000,000 | ---D | M] - L:\autorun -- [ NTFS ]
O32 - AutoRun File - [2006.11.03 13:58:30 | 000,000,038 | -H-- | M] () - L:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.01.03 18:03:52 | 000,000,000 | RH-D | M] - M:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 10:56:50 | 000,000,036 | RH-- | M] () - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.02.28 12:35:35 | 000,000,000 | RH-D | M] - N:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 10:56:50 | 000,000,036 | RH-- | M] () - N:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.07.03 22:47:27 | 000,011,381 | ---- | M] () - N:\autosave.win.bak -- [ NTFS ]
O32 - AutoRun File - [2010.02.28 12:35:36 | 000,000,000 | RH-D | M] - O:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 10:56:50 | 000,000,036 | RH-- | M] () - O:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.07.16 23:37:41 | 000,000,062 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.04.23 17:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.23 07:54:56 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.04.23 07:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.04.23 07:54:26 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.04.23 07:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.04.22 18:44:24 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.04.22 18:44:23 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.04.22 18:44:22 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.04.22 18:44:20 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.04.22 18:44:17 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.04.22 18:43:39 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.04.22 18:43:39 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.04.22 18:43:35 | 000,000,000 | ---D | C] -- C:\Programme\Avast5
[2010.04.22 18:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.04.22 18:16:53 | 000,000,000 | ---D | C] -- C:\Programme\iGrafx
[2010.04.22 18:12:17 | 000,000,000 | ---D | C] -- C:\iGrafx2009
[2010.04.22 18:12:17 | 000,000,000 | ---D | C] -- \iGrafx2009
[2010.04.19 19:30:56 | 000,000,000 | ---D | C] -- C:\Programme\pcwEmptyFolder
[2010.04.18 17:10:00 | 000,000,000 | ---D | C] -- C:\Programme\TVAnts
[2010.04.18 13:36:25 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.04.17 14:58:11 | 000,000,000 | ---D | C] -- C:\Programme\BilderHerunterlader
[2010.04.15 07:43:28 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 07:43:27 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 07:43:26 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.10 15:36:13 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2010.04.05 10:07:01 | 000,000,000 | ---D | C] -- C:\Programme\RAR Password Recovery Magic
[2010.04.04 20:56:25 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.04.04 20:56:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.04 20:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.03.31 10:53:04 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 10:53:03 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 10:53:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.04.24 12:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.24 12:45:15 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.24 12:44:03 | 003,932,160 | -HS- | M] () -- C:\Users\barni\NTUSER.DAT
[2010.04.24 12:31:36 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.24 12:31:36 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.24 12:31:24 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.24 12:31:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.23 17:35:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 17:35:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 07:55:55 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.04.23 07:55:55 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.04.23 07:54:26 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 23:16:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3912725596-1158882458-684769505-1002UA.job
[2010.04.22 22:34:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.22 20:06:05 | 002,266,276 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.22 20:06:05 | 000,666,534 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010.04.22 20:06:05 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.22 20:06:05 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.22 20:06:05 | 000,128,694 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010.04.22 20:06:05 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.22 20:06:05 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.22 18:44:24 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.04.22 18:44:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.04.22 16:16:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3912725596-1158882458-684769505-1002Core.job
[2010.04.22 15:31:46 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010.04.22 15:28:41 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.04.16 12:35:29 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.04.14 18:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.04.04 21:00:53 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.04.04 20:56:26 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
  • #5
Part 3 of OTL.txt
Code:
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.04.23 07:55:55 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.04.23 07:55:55 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.04.22 18:44:24 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.04.22 16:18:36 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.22 16:18:30 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.22 15:28:41 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.16 12:35:28 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.04 21:00:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.04 20:56:26 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.09 16:16:30 | 000,128,272 | R--- | C] () -- C:\Windows\System32\Lfkodak.dll
[2010.02.09 16:15:54 | 000,344,336 | R--- | C] () -- C:\Windows\System32\Lffpx7.dll
[2009.12.14 14:23:26 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.14 14:23:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.23 13:08:52 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2009.10.23 15:56:50 | 000,015,360 | R--- | C] () -- C:\Windows\System32\ibfs32.dll
[2009.10.22 17:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.10.20 14:40:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.15 00:43:57 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.14 21:49:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.10.14 21:49:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.10.14 16:00:16 | 000,000,330 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2008.05.04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2005.07.22 21:47:20 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlccinsb.dll
[2005.07.22 21:47:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcccub.dll
[2005.07.22 21:47:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcccu.dll
[2005.07.22 21:47:06 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlccins.dll
[2005.07.22 21:45:22 | 000,430,080 | ---- | C] () -- C:\Windows\System32\dlccutil.dll
[2005.06.29 10:41:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dlccinsr.dll
[2005.06.29 10:41:10 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcccur.dll
[2005.06.29 10:40:58 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlccjswr.dll
[2005.06.21 22:27:56 | 000,638,976 | ---- | C] () -- C:\Windows\System32\dlccpmui.dll
[2005.06.21 22:27:02 | 001,183,744 | ---- | C] () -- C:\Windows\System32\dlccserv.dll
[2005.06.21 22:22:06 | 000,483,328 | ---- | C] () -- C:\Windows\System32\dlcclmpm.dll
[2005.06.21 22:21:40 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlcccomm.dll
[2005.06.21 22:19:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlccpplc.dll
[2005.06.21 22:18:58 | 000,704,512 | ---- | C] () -- C:\Windows\System32\dlcccomc.dll
[2005.06.21 22:18:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlccprox.dll
[2005.06.21 22:12:48 | 001,134,592 | ---- | C] () -- C:\Windows\System32\dlccusb1.dll
[2005.06.21 22:09:22 | 000,770,048 | ---- | C] () -- C:\Windows\System32\dlcchbn3.dll
[2005.06.06 17:58:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcccfg.dll
[2005.03.30 17:19:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlccvs.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
< End of report >
 
  • #6
Post it in parts, the way you started. It's annoying, I know, but unfortunately there is no other way.
 
  • #7
Part 1 of Extras.Txt
Code:
OTL Extras logfile created on: 24.4.10 12:52:54 - Run 1
OTL by OldTimer - Version 3.2.2.0   Folder = C:\Users\barni\Desktop
 Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,10 Gb Total Space | 8,72 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
Drive D: | 182,78 Gb Total Space | 14,84 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
Drive E: | 203,69 Gb Total Space | 32,12 Gb Free Space | 15,77% Space Free | Partition Type: FAT32
Drive F: | 30,01 Gb Total Space | 22,52 Gb Free Space | 75,06% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 465,75 Gb Total Space | 26,49 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive M: | 465,75 Gb Total Space | 2,87 Gb Free Space | 0,62% Space Free | Partition Type: NTFS
Drive N: | 465,75 Gb Total Space | 219,27 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive O: | 931,51 Gb Total Space | 137,83 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 4,39 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
 
Computer Name: BARNI-PC
Current User Name: barni
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- C:\Program Files\Microsoft Office\Office12\msohtmed.exe %1 (Microsoft Corporation)
htmlfile [print] -- C:\Program Files\Microsoft Office\Office12\msohtmed.exe /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe %1 (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
DisableMonitoring = 1
 = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = Reg Error: Unknown registry data type -- File not found
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{04AABF6D-55C5-4779-ABF9-992016E913A2} = Micrografx Picture Publisher 10
{08C0729E-3E50-11DF-9D81-005056806466} = Google Earth
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{0DD140D3-9563-481E-AA75-BA457CBDAEF2} = PC Inspector File Recovery
{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B} = CCC Help Chinese Traditional
{10C51313-A308-4B40-90E3-B368D5882660} = Virtual CD v10
{13F3917B56CD4C25848BDC69916971BB} = DivX Converter
{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625} = Nokia Connectivity Cable Driver
{18D10072035C4515918F7E37EAFAACFC} = AutoUpdate
{1943A043-5C85-4A16-A0D0-D687B2C1A40F} = VirtualCom driver
{1B280FAF-AE10-4E31-A41A-DB3917D651DC} = ACDSee Pro 3
{1C802083-6D79-78ED-BF1C-601DDF908DD1} = Catalyst Control Center Core Implementation
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{2300EE96-0A41-4FAB-BD03-989EC44577A0} = AcronisDisk Director Suite
{26A24AE4-039D-4CA4-87B4-2F83216016FF} = Java(TM) 6 Update 16
{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A} = ccc-utility
{28728178-FF15-218B-0B63-012692F42C28} = CCC Help Danish
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{32851025-1E46-83A3-1320-471619254E39} = Catalyst Control Center Localization All
{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2} = Mega Manager
{3FC7CBBC4C1E11DCA1A752EA55D89593} = DivX Version Checker
{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F} = CCC Help Swedish
{47609E69-4C5E-48B1-A889-24C6B82B5C04} = Vista Shortcut Manager
{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9} = ATI Catalyst Install Manager
{4AC1E1A2-D7E3-42D6-AD54-69158C49AA6F} = Visual Basic for Applications (R) Core
{52C5486C-ADA3-462E-8A8C-2B6A15965BF5} = SolidWorks 2009 SP03
{5343A801-92E5-C234-9F27-AB27EC738BF6} = CCC Help Japanese
{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA} = CCC Help Russian
{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
{5DC0DF76-3B2F-4C38-BE34-58627949BC1A} = Mega Manager
{600C37F2-098B-A165-C1DB-6AE2B89D8D49} = Catalyst Control Center Graphics Previews Common
{61F8CA2C-9A80-8A1B-D3B9-347530CB387F} = CCC Help Norwegian
{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F} = Catalyst Control Center Graphics Light
{690BE098-6D0D-493D-B079-BD7E8F81A141} = Opera 10.10
{69F411C5-4851-6DA9-EA4C-160BEF8788AA} = CCC Help French
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
{6DD27E54-2598-0FEC-7CE1-BE00924C0570} = Catalyst Control Center Graphics Previews Vista
{71414EC2-0684-4A15-A85A-E0E259D117AF} = Microangelo Toolset 6
{7184F382-8A6C-4B85-A3AC-B63734B1E241} = SAMSUNG Mobile USB Driver
{7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
{767CC44C-9BBC-438D-BAD3-FD4595DD148B} = VC80CRTRedist - 8.0.50727.762
{7B2B4D74-7410-4E42-A519-98E651FD4109} = UltraEdit 15.20
{7B63B2922B174135AFC0E1377DD81EC2} = DivX Codec
{7C27114E-6FC8-21F5-E501-FE48F09243DF} = CCC Help Dutch
{7E84FAC8-C518-40F9-9807-7455301D6D25} = SamsungConnectivityCableDriver
{80237C20-CBF3-F841-4AD5-E727AA86FBD1} = CCC Help Italian
{802EE127-D32A-1447-09DC-77419772BCDC} = CCC Help Portuguese
{836AFA32-7B8B-2C19-99D9-36EF32B42EB8} = CCC Help Thai
{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF} = Adobe Audition 1.5
{8ADFC4160D694100B5B8A22DE9DCABD9} = DivX Player
{8AF3E926-ED59-11D4-A44B-0000E86D2305} = Ulead GIF Animator 5 Test
{8D7133DE-27D2-47E5-B248-4180278D32AA} = Catalyst Control Center - Branding
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0051-0000-0000-0000000FF1CE} = Microsoft Office Visio Professional 2007
{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585} = Microsoft Office Visio 2007 Service Pack 2 (SP2)
{90120000-0054-0407-0000-0000000FF1CE} = Microsoft Office Visio MUI (German) 2007
{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B} = Microsoft Office Visio 2007 Service Pack 2 (SP2)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-00A4-0409-0000-0000000FF1CE} = Microsoft Office 2003 Web Components
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B} = 2007 Microsoft Office Suite Service Pack 2 (SP2)
{946942CB-D078-F33A-A3CD-27E0393507FD} = CCC Help Turkish
{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6} = Catalyst Control Center Graphics Full New
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9D4D095B-B81E-4938-9BC9-E9EF9F3AE85A} = Visual Basic for Applications (R) Core - German
{9D8B0949-7C47-476F-9F06-F900D3B078EA} = Kaspersky Internet Security 2010
{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2} = Catalyst Control Center InstallProxy
{A02CC93A-134F-0319-1438-B1E895B52577} = CCC Help German
{A498D9EB-927B-459B-85D6-DD6EF8C2C564} = erLT
{A7E1ADB8-162B-7C33-60FB-0561A17BD876} = CCC Help Spanish
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{A96E97134CA649888820BCDE5E300BBD} = H.264 Decoder
{A96EEF55-155C-552E-ABB1-6FDAEF5BD944} = CCC Help Polish
{AAC389499AEF40428987B3D30CFC76C9} = MKV Splitter
{AC599724-5755-48C1-ABE7-ABB857652930} = PC Connectivity Solution
{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934} = CCC Help Greek
{AEF9DC35ADDF4825B049ACBFD1C6EB37} = AAC Decoder
{B04D5DA5-11DA-830C-85C6-0FF9185787E7} = Skins
{B13A7C41581B411290FBC0395694E2A9} = DivX Converter
{B7050CBDB2504B34BC2A9CA0A692CC29} = DivX Web Player
{BB603E9F-ECE8-7713-B0AC-7E0614E8C058} = Catalyst Control Center HydraVision Full
{BE232D60-AEA5-502F-ACBF-9AC188A82C21} = CCC Help Finnish
{C15C4AB5-EF5D-5050-273C-4636E3FBE301} = CCC Help Czech
{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0} = Test Drive Unlimited
{C9A87D86-FDFD-418B-BF96-EF09320973B3} = PC Inspector smart recovery
{D103C4BA-F905-437A-8049-DB24763BBE36} = Skype™ 4.2
{D481EA96-2313-4A7C-98EE-710D1AF884AC} = Microsoft Visual Studio 2005 Tools for Applications - ENU
{D765F1CE-5AE5-4C47-B134-AE58AC474740} = OpenOffice.org 3.1
{D972F309-7376-4B25-10AA-04C80D13E1F4} = iGrafx 2009
{E09CD13D-7CE3-351C-1625-8DC7F21A99C0} = ccc-core-static
{E373E0E2-20F5-90DF-B315-615EA6E52101} = Catalyst Control Center Graphics Full Existing
{E6DA746E-1175-88BD-2B16-1DC62018E060} = CCC Help Chinese Standard
{F053BFD9-4357-6A82-6042-CF919667448F} = CCC Help English
{F17EB02C-DA0D-EDEF-2E16-501FB700A710} = CCC Help Hungarian
{F193FC0E-9E18-40FC-A974-509A1BDD240A} = Samsung New PC Studio
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
{F5DDC0CD-F13A-83F0-5103-563A17EA306F} = CCC Help Korean
{F9B37992-968C-4264-8449-489032FC28DE} = Wolfenstein
{FB08F381-6533-4108-B7DD-039E11FBC27E} = Realtek AC'97 Audio
3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
ActiveSMART_2_6_is1 = ActiveSMART
Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
AllDup_is1 = AllDup 2.1.6
avast5 = avast! Free Antivirus
Avira AntiVir Desktop = Avira AntiVir Personal - Free Antivirus
AVS Update Manager_is1 = AVS Update Manager 1.0
AVS4YOU Software Navigator_is1 = AVS4YOU Software Navigator 1.3
AVS4YOU Video Converter 6_is1 = AVS Video Converter 6
BilderHerunterlader = BilderHerunterlader 2.8.2
Dell Photo AIO Printer 924 = Dell Photo AIO Printer 924
DivX Plus DirectShow Filters = DivX Plus DirectShow Filters
DTV_1.0 = DVB-T USB 2.0 
E24870CB6AA1C3511635FF9020A3E9471287FBE7 = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
eMule = eMule
ENTERPRISE = Microsoft Office Enterprise 2007
FlashGet 2.0 = FlashGet 2.0
Foxit Reader = Foxit Reader
HijackThis = HijackThis 2.0.2
iGrafx 2009 = iGrafx 2009
InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A} = Samsung New PC Studio
InstallShield_{F9B37992-968C-4264-8449-489032FC28DE} = Wolfenstein
InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA} = Kaspersky Internet Security 2010
Manhunt 2 = Manhunt 2
Microsoft Visual Studio 2005 Tools for Applications - ENU = Microsoft Visual Studio 2005 Tools for Applications - ENU
Mozilla Firefox (3.5.3) = Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.24) = Mozilla Thunderbird (2.0.0.24)
Neat Image_is1 = Neat Image v6.0 Pro+
Neat Video for VirtualDub_is1 = Neat Video v2.0 Demo plug-in for Virtual Dub
Nero Lite 9.4.13.2 = Nero Lite 9.4.13.2 Build.1.0
Oxygen Phone Manager II fuer Nokia handys = Oxygen Phone Manager II fuer Nokia handys
Rainlendar2 = Rainlendar2 (remove only)
RAR Password Recovery Magic_is1 = RAR Password Recovery Magic v6.1.1.213
Ruff-FTP_is1 = Ruff-Tech
SAMSUNG Android USB Modem = SAMSUNG Android USB Modem Software
SAMSUNG Mobile Composite Device = SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem = SAMSUNG Mobile Modem Driver Set
Samsung Mobile Modem Device = Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem V2 = SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Drive = Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Download Driver = SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Modem = SAMSUNG Mobile USB Modem Software
SAMSUNG Mobile USB Modem 1.0 = SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device = Samsung Mobile USB Modem Device Software
SAMSUNG USB Mobile Device = SAMSUNG USB Mobile Device Software
SopCast = SopCast 3.2.9
SUPER © = SUPER © Version 2009.bld.36 (June 10, 2009)
TC UP = Total Commander Ultima Prime 4.9.0.0
The KMPlayer = The KMPlayer (remove only)
TreeSize Professional_is1 = TreeSize Professional 5.2.3
TVAnts 1.0 = TVAnts 1.0
TweakNow PowerPack 2009_is1 = TweakNow PowerPack 2009
UltraISO_is1 = UltraISO Premium V9.35
Unlocker = Unlocker 1.8.7
Veetle TV = Veetle TV 0.9.17
VISPRO = Microsoft Office Visio Professional 2007
whereisit-wii_is1 = WhereIsIt? 3.81
Winamp = Winamp
WinRAR archiver = WinRAR
XMPEG = XMPEG 5.0
Xvid_is1 = Xvid 1.2.2 final uninstall
 
  • #8
Part 2 of Extras.Txt
Code:
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
FileZilla Client = FileZilla Client 3.2.8.1
Google Chrome = Google Chrome
PDF Suite = PDF Suite v9.0.5.22
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 21.4.10 15:51:40 | Computer Name = barni-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.4.10 09:27:10 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 22.4.10 09:46:46 | Computer Name = barni-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OperaUSB.exe, Version: 10.0.1750.0,
 Zeitstempel: 0x4a97bb4a Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.1113,
 Zeitstempel: 0x4afcef8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002ccd ID des fehlerhaften
 Prozesses: 0x564 Startzeit der fehlerhaften Anwendung: 0x01cae21ee4e4f151 Pfad der
 fehlerhaften Anwendung: C:\Program Files\Opera10usb\OperaUSB.exe Pfad des fehlerhaften
 Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung: 7dad63b2-4e15-11df-9fa4-0015f2464fc2
 
Error - 22.4.10 11:07:33 | Computer Name = barni-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.4.10 12:16:45 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 22.4.10 12:16:46 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 22.4.10 12:43:35 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 23.4.10 01:52:54 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 23.4.10 01:54:26 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 23.4.10 11:31:38 | Computer Name = barni-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
Error - 7.4.10 14:49:14 | Computer Name = barni-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume L: den Befehl chkdsk aus.
 
 
< End of report >
 
  • #9
Part 1 of Gmer
Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 13:26:57
Windows 6.1.7600 
Running: gmer t8ydl5pc.exe; Driver: C:\Users\barni\AppData\Local\Temp\pwlcqpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1CAF8
INT 0x37    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C104
INT 0xC1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C3F4
INT 0xD1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C04FB4
INT 0xDF    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C1DC
INT 0xE1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C958
INT 0xE3    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1C6F8
INT 0xFD    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1CF2C
INT 0xFE    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)       81C1D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text      ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                    81C7C599 1 Byte [06]
.text      ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                81CA0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?        System32\Drivers\spma.sys                                       Das System kann den angegebenen Pfad nicht finden. !
.text      USBPORT.SYS!DllUnload                                         8C141CA0 5 Bytes JMP 84EFE4E0 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]               [87C3F042] \SystemRoot\System32\Drivers\spma.sys
IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]               [87C3F6D6] \SystemRoot\System32\Drivers\spma.sys
IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]           [87C3F800] \SystemRoot\System32\Drivers\spma.sys
IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]            [87C3F13E] \SystemRoot\System32\Drivers\spma.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]            [74622494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]         [74605624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]         [746056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]            [7462250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]       [74618573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]        [74614D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]        [746150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]       [746151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]   [746166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]        [746182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]     [74618819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [7461907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]       [7461E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]         [74614C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device     \FileSystem\Ntfs \Ntfs                                        83EB21F8
Device     \FileSystem\fastfat \FatCdrom                                     84F2F2E0
Device     \Driver\volmgr \Device\VolMgrControl                                 83EAE1F8
Device     \Driver\usbohci \Device\USBPDO-0                                   84F00500
Device     \Driver\usbehci \Device\USBPDO-1                                   84EF41F8

AttachedDevice \Driver\tdx \Device\Tcp                                        aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device     \Driver\volmgr \Device\HarddiskVolume1                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\volmgr \Device\HarddiskVolume2                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\cdrom \Device\CdRom0                                     84F19500
Device     \Driver\volmgr \Device\HarddiskVolume3                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                              83EB01F8
Device     \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                              83EB01F8
Device     \Driver\atapi \Device\Ide\IdePort0                                  83EB01F8
Device     \Driver\atapi \Device\Ide\IdePort1                                  83EB01F8
Device     \Driver\atapi \Device\Ide\IdePort2                                  83EB01F8
Device     \Driver\atapi \Device\Ide\IdePort3                                  83EB01F8
Device     \Driver\atapi \Device\Ide\IdePort4                                  83EB01F8
Device     \Driver\atapi \Device\Ide\IdePort5                                  83EB01F8
Device     \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                              83EB01F8
Device     \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-8                              83EB01F8
Device     \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1                              83EB01F8
Device     \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-a                              83EB01F8
Device     \Driver\volmgr \Device\HarddiskVolume4                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\volmgr \Device\HarddiskVolume5                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\USBSTOR \Device\00000068                                   84FDA1F8
Device     \Driver\volmgr \Device\HarddiskVolume6                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\USBSTOR \Device\00000069                                   84FDA1F8
Device     \Driver\volmgr \Device\HarddiskVolume7                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\NetBT \Device\NetBt_Wins_Export                                84E031F8
Device     \Driver\volmgr \Device\HarddiskVolume8                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\volmgr \Device\HarddiskVolume9                                83EAE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume9                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9                                snapman.sys (Acronis Snapshot API/Acronis)

Device     \Driver\ACPI_HAL \Device\0000004f                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device     \Driver\USBSTOR \Device\0000006a                                   84FDA1F8
Device     \Driver\USBSTOR \Device\0000006b                                   84FDA1F8
Device     \Driver\usbohci \Device\USBFDO-0                                   84F00500
Device     \Driver\usbehci \Device\USBFDO-1                                   84EF41F8
Device     \Driver\NetBT \Device\NetBT_Tcpip_{B28F6171-575A-4BDF-B92E-97FD602EE94A}               84E031F8
Device     \FileSystem\fastfat \Fat                                       84F2F2E0

AttachedDevice \FileSystem\fastfat \Fat                                       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
  • #10
Part 2 of Gmer
Code:
---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                          771343423
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                          285507792
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                          1
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04           
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0          0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew        0x25 0x1F 0x4E 0xF2 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                     C:\Windows\system32\drivers\VDRV1000.SYS
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                         SCSI Miniport
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                       system32\DRIVERS\vdrv1000.sys
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                     1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                         1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                         1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                          64
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                        ROOT\SCSIADAPTER\0000
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                      1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                   1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED                 1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                      
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1               1
Reg       HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                       
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0            0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew          0x25 0x1F 0x4E 0xF2 ...
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                       C:\Windows\system32\drivers\VDRV1000.SYS
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                           SCSI Miniport
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                         system32\DRIVERS\vdrv1000.sys
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                       1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                           1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                           1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                            64
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)               
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                          ROOT\SCSIADAPTER\0000
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                        1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                     1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@INITSTARTFAILED                   1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)            
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)      
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@1                 1
Reg       HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)             

---- EOF - GMER 1.0.15 ----
 
  • #11
@zauberbarni,

one of the logs shows that something like Daemon Tools is running on the machine; that alone already gives you a problem here.
Furthermore there is a file system problem, hence the hint about chkdsk, and because you evidently thought more is better,
3 virus scanners.
Whatever others advise you: set the machine up again from scratch, stay away from file sharing and get yourself an imaging program.
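The remark above about Daemon Tools comes from the GMER log in posts #9 and #10: the `Kernel IAT/EAT` section shows four imports of `atapi.sys` (all `ataport.SYS!AtaPort*` port I/O routines) resolving into `spma.sys`, a driver that the `Kernel code sections` line marks as not findable on disk, next to `sptd` registry entries. That combination is the typical footprint of an SCSI pass-through virtual-drive driver, but it is also exactly what a disk-level rootkit would look like, so it is worth extracting mechanically instead of eyeballing a multi-part paste. The following script is an added example, not part of the thread and not a GMER tool: it parses the two GMER sections, flags every import hook whose target module differs from the module the import belongs to, and notes when that target is one GMER could not find on disk. The sample report is constructed to mirror the lines posted above; the regular expressions assume the column layout seen there.

```python
"""Triage GMER "Kernel IAT/EAT" and "User IAT/EAT" hooks (added example, constructed input)."""
import re
from collections import Counter

# One IAT line as printed by GMER 1.0.15 (layout assumed from the posted report):
#   IAT  <importer>[<module>!<function>]  [<address>] <target module> (<description>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<importer>.+?)\s*\[(?P<module>[^\[\]!]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
# GMER prints "? <path> <OS error text> !" when a listed driver file cannot be opened.
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+.*!\s*$")

# Constructed sample mirroring the GMER output in posts #9 and #10 (not a live capture).
SAMPLE_REPORT = r"""---- Kernel code sections - GMER 1.0.15 ----

.text      USBPORT.SYS!DllUnload                                         8C141CA0 5 Bytes JMP 84EFE4E0
?        System32\Drivers\spma.sys                                       Das System kann den angegebenen Pfad nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]               [87C3F042] \SystemRoot\System32\Drivers\spma.sys
IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]               [87C3F6D6] \SystemRoot\System32\Drivers\spma.sys
IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]           [87C3F800] \SystemRoot\System32\Drivers\spma.sys
IAT       \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]            [87C3F13E] \SystemRoot\System32\Drivers\spma.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]            [74622494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1416] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]            [7462250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
"""


def basename(path):
    """Lower-cased file name of a Windows path (handles both slash styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def missing_modules(lines):
    """Set of driver file names GMER reported as not found on disk."""
    found = set()
    for line in lines:
        m = MISSING_RE.match(line.strip())
        if m:
            found.add(basename(m.group("path")))
    return found


def parse_iat(lines):
    """All IAT hook records in the report, as dicts of the regex groups."""
    return [m.groupdict() for m in (IAT_RE.match(l.rstrip()) for l in lines) if m]


def suspicious_hooks(report_text):
    """Import entries that do not resolve into the module they were imported from.

    A hook that lands in a different module than the import names is what
    GMER is really showing here; one whose target GMER could not even open
    on disk deserves a closer look (hidden driver, or a file that is gone).
    """
    lines = report_text.splitlines()
    missing = missing_modules(lines)
    findings = []
    for hook in parse_iat(lines):
        expected = basename(hook["module"])
        actual = basename(hook["target"])
        if actual == expected:
            continue  # import resolves where it should
        findings.append({
            "importer": basename(hook["importer"]),
            "function": hook["func"],
            "expected": expected,
            "target": actual,
            "address": hook["addr"],
            "missing_on_disk": actual in missing,
            "has_version_info": hook["desc"] is not None,
        })
    return findings


def summarize(findings):
    """Count flagged hooks per (importer, target) pair, e.g. {('atapi.sys', 'spma.sys'): 4}."""
    return dict(Counter((f["importer"], f["target"]) for f in findings))


if __name__ == "__main__":
    for f in suspicious_hooks(SAMPLE_REPORT):
        flag = " (target not found on disk)" if f["missing_on_disk"] else ""
        print(f"{f['importer']}: {f['function']} -> {f['target']} instead of {f['expected']}{flag}")
    print(summarize(suspicious_hooks(SAMPLE_REPORT)))
```

Run against the constructed sample, the four `atapi.sys` imports are flagged (each with `missing_on_disk` set) and the `Explorer.EXE` GDI+ entries are not, since they resolve into `gdiplus.dll` as expected. A flagged pair such as `atapi.sys -> spma.sys` is not a verdict on its own: the next step is to correlate it with the installed-software list from the Extras log (a virtual-drive tool explains it, an absent one does not) before deciding whether the machine is clean.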
 
  • #12
Click on the link marked important that andemande posted and read it through; this thread will probably be closed.
 
  • #13
because you evidently thought more is better,
3 virus scanners.

No, normally I of course only have one; I just wanted to know whether a four-year-old virus is detected by any program at all. Evidently that is not the case. So what do I even need a virus scanner for???
In any case I did not pick up the virus through file sharing; I simply ran a file that had previously been classified as harmless.
Apart from that I only have a program for virtual CDs, to save myself the constant disc swapping.
chkdsk sometimes runs for drive N: at boot; at the end it cannot write a file (master table or something like that), but under Windows it never shows any problems.
 
  • #14
I am now in the middle of reinstalling Windows.

Since the problems mentioned have nothing to do with the virus (VirtualCD and chkdsk were around long before the virus, the 3 virus scanners were only installed after the virus), I assume there are four-year-old viruses that cannot be detected, that cannot be analysed and removed.

So the only thing one can do against Win32:CTX is a reinstall!?
 
  • #15
hello zauberbarny

if that is the parasite, then the question of what is to be done is moot.
If the protection software is disabled by the malware, it does not matter whether the malware is new or old.
And if a protection software does not recognise an infected file, you are simply out of luck.
How do you get infected files? Via file sharing, via e-mails that nobody with a brain would open, let alone follow the great links in, via USB sticks that wander from one infected machine to the next, via ware...z sites, etc. etc.
Only one thing, as far as I know, has never happened yet, namely that a formerly harmless file turned malicious by magic.
I can only advise you to invest in some effective protection software. Nothing against freeware, but you can also save money in the wrong place.
 
  • #16
Problem solved anyway; nevertheless, once more the reference to the tools indexed here - and closed.
 